Methods, systems, and computer readable mediums for implementing a data protection policy for a transferred enterprise application

ABSTRACT

Methods, systems, and computer readable mediums for logically remediating infrastructure resource components are disclosed. According to one example, the method includes capturing metadata specifying both a data protection policy applied to an enterprise application supported by a host computing system and a location of backup file data associated with the enterprise application and transferring the enterprise application and the metadata from the host computing system to a target computing system. The method further includes utilizing the metadata to reconstruct the data protection policy for the transferred enterprise application on the target computing system, wherein the metadata specifies a data protection solution for each of a plurality of resource components supporting the transferred enterprise application on the target computing system.

PRIORITY CLAIM

This application is a continuation of U.S. patent application Ser. No.14/584,139 filed Dec. 29, 2014, the disclosure of which is incorporatedherein by reference in its entirety.

TECHNICAL FIELD

The subject matter described herein relates to data protection measures.More specifically, the subject matter relates to methods, systems, andcomputer readable mediums for implementing a data protection policy fora transferred enterprise application.

BACKGROUND

Presently, information technology (IT) departments utilize varioussoftware application products to transfer enterprise applications (e.g.,an online banking application, securities trading application, etc.)from one computing system to another. Application transfers can beconducted either within a single data center facility or between two ormore data center facilities separated by some geographical distance.Regardless of the computing system an enterprise application physicallyresides, application data requires some degree of protection at itscurrent host location. The level of data protection afforded by the hostcomputing system is largely dependent on the value and sensitivity ofthe stored application data. While the transfer of application data maybe conducted for any number of practical and strategic reasons, such aprocedure is not without inherent drawbacks. Namely, the transfer ofapplication data in an enterprise setting often requires the rebuildingof data protection policies associated with the transferred applicationdata. In addition, any transfer of application data conducted during abackup file retention period can compel an application restorationprocess to become a challenging endeavor.

SUMMARY

Methods, systems, and computer readable mediums for implementing a dataprotection policy for a transferred enterprise application aredisclosed. According to some embodiment, the method includes obtainingmetadata specifying both a data protection policy applied to anenterprise application supported by a host computing system and alocation of backup file data associated with the enterprise applicationand transferring the enterprise application and the metadata from thehost computing system to a target computing system. The method furtherincludes utilizing the metadata to reconstruct the data protectionpolicy for the transferred enterprise application on the targetcomputing system, wherein the metadata designates a data protectionsolution for each of a plurality of resource components supporting thetransferred enterprise application on the target computing system.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter described herein will now be explained with referenceto the accompanying drawings of which:

FIG. 1 illustrates logical block diagram representation of an exemplaryconverged infrastructure in accordance with embodiments of the subjectmatter described herein;

FIG. 2 illustrates a flow chart of an exemplary process for logicallyremediating infrastructure resource components in accordance withembodiments of the subject matter described herein; and

FIG. 3 illustrates a logical block diagram representation an exemplaryconverged infrastructure host system transferring an enterpriseapplication to a converged infrastructure target system in accordancewith embodiments of the subject matter described herein.

DETAILED DESCRIPTION

The subject matter described herein discloses methods, systems, andcomputer readable mediums for implementing a data protection policy fora transferred enterprise application. In some embodiments, the disclosedsubject matter includes an application that has been designated fortransfer from a supporting host computing system to a target computingsystem. As used herein, an ‘application’ may refer to an enterpriseapplication (e.g., an on-line banking system application) that is hostedand executed across both a physical environment and a virtualenvironment. For example, the physical environment may comprise resourcecomponents such as compute components, storage components, andnetworking components that are collectively configured to host virtualmachines (in a virtual environment) that facilitate and implement theenterprise application. The resource components may also be configuredto store file data associated with the enterprise application. Notably,the enterprise application is typically subjected to a single dataprotection policy that is applied to the application as a whole, but maybe implemented on each resource component in varying ways.

Notably, the host computing system may execute a data protection policymanagement (DPPM) module that accesses data protection policy metadatawhich specifies both i) a data protection policy that is currentlyapplied to the enterprise application designated for transfer and ii)the location(s) of backup file data associated with the enterpriseapplication. As used herein, a data protection policy may involve one ormore of the following: periodic backups, synchronous data replication,asynchronous data replication, and business continuity measures.Afterwards, the DPPM module may be utilized to transfer the enterpriseapplication and the data protection policy metadata from the hostcomputing system to the target computing system designated as thedestination. Upon receipt of the data protection policy metadata and theapplication file data, the target computing system may utilize themetadata to reconstruct the data protection policy (e.g., on the targetcomputing system itself) for the transferred enterprise application.Notably, the data protection policy metadata may designate a dataprotection solution to be implemented for each of a plurality ofresource components (e.g., compute components, storage components, etc.)supporting the transferred enterprise application on the targetcomputing system.

In accordance with some embodiments of the disclosed subject matter,functionality for implementing a data protection policy for atransferred enterprise application can involve interacting with one ormore converged infrastructure (CI) systems, such as an integratedinfrastructure system (e.g., a Vblock® System from VCE Company, LLC),and/or computing system resource components contained therein. Forexample, a CI system can include a single computing platform unitassociated with racks of physical CI components and related software forperforming virtualization, cloud computing, and/or other informationtechnology (IT) functions. Moreover, a CI system can comprise multiplecomputing system resource components, such as physical resources and/orvirtual resources, in a preconfigured or prepackaged computing platform,where some resource components are developed and/or manufactured bymultiple entities. For example, an exemplary CI system can comprise datastorage devices, servers (e.g., web servers, file servers, etc.),networking equipment, and software for managing physical resourcesand/or virtualized resources (e.g., virtual servers). Although thefollowing disclosure describes the use of one or more CI systems, anyintegrated infrastructure system or device can be utilized withoutdeparting from the scope of the present subject matter.

Reference will now be made in detail to exemplary embodiments of thesubject matter described herein, examples of which are illustrated inthe accompanying drawings. Wherever possible, the same reference numberswill be used throughout the drawings to refer to the same or like parts.

FIG. 1 is a logical block diagram representation of an exemplary CIsystem, generally represented as CI 100, according to an embodiment ofthe subject matter described herein. Although the following disclosuredescribes the use of CI 100, any type of computing system can beutilized without departing from the scope of the present subject matter.CI 100 may comprise multiple computing system resource components, suchas virtual resources and physical resources. Exemplary physicalresources can comprise a processor, a memory module, a computecomponent, a network component, a storage component, a server, networkequipment, a router, a switch, wiring or cabling, a storage device, aphysical port, and/or a communications interface. Exemplary virtualresources can comprise a virtual entity (e.g., an entity that appears asa physical entity but comprises one or more components associated withone or more CI systems), a virtual machine, a virtual server, a virtualstorage device, a virtual port, and/or a virtual communicationsinterface. CI 100 can also comprise software and related components formanaging the CI system and/or component portions (e.g., computing systemresource components) therein.

More specifically, CI 100 in FIG. 1 includes a central manager 102, arepository 190, a virtualized infrastructure 108, and a physicalinfrastructure 118. In some embodiments, central manager 102 can beconfigured to communicate with various resource components and/or managevarious resource components in CI 100. More specifically, centralmanager 102 can be configured to manage performance, resourceutilization levels, application data recovery, and other aspectsassociated with resource components included in virtualizedinfrastructure 108 and/or physical infrastructure 118. In someembodiments, central manager 102 can comprise VCE Vision™ IntelligentOperations software and/or firmware.

In some embodiments, central manager 102 can include (and/or interactwith) a data protection policy management (DPPM) module 140. DPPM module140 may comprise any suitable entity (e.g., hardware, firmware, and/orsoftware executing on a processor) for implementing a data protectionpolicy for a transferred enterprise application. For example, DPPMmodule 140 can be configured to procure and manage data protectionpolicy metadata (see below) that specifies both i) a data protectionpolicy that is applied to an enterprise application supported by a hostcomputing system (e.g., CI 100) and ii) the location(s) of backup filedata associated with the enterprise application. DPPM module 140 mayalso be configured to transfer the enterprise application and themetadata from the host computing system to a target computing system. Insuch a scenario, the DPPM module on the destination CI may utilize thereceived metadata to reconstruct a data protection policy for thetransferred enterprise application on the receiving target computingsystem. Notably, the data protection policy may further specify dataprotection solutions that can be used by DPPM module 140 for each of theresource components supporting the transferred enterprise application onthe target computing system. More specifically, DPPM module 140 may beconfigured to implement the data protection policy solutions on theresource components at a per-component level.

As indicated above, CI 100 may include a repository 190, which in turnmay comprise any data storage unit (e.g., a database or plurality ofdatabases) that can be configured to store data protection policyrelated information, such as data protection policy metadata 195 and atleast one data protection policy 198. Although FIG. 1 depicts repository190 as a local data storage unit residing on CI 100, repository 190 canalso be embodied as a data storage unit located at an online location(e.g., a public distributed content site), on a local proxy server in acustomer's or system administrator's environment, or on a different CIsystem without departing from the scope of the disclosed subject matter.Moreover, repository 190 can be implemented using one or more computingplatforms, devices, or systems. In some embodiments, the data protectionpolicy metadata 195 also comprises data protection policy information198 that identifies all of the resource components supporting anenterprise application 160 (described in further detail below) that aresubjected to a particular data protection policy. Although FIG. 1depicts metadata 195 being contained in a local repository 190, metadatamay be stored with resource components designated to support theenterprise application file data as part of a descriptor file, stubfile, stub or other data entity. For example, metadata 195 may identifyboth the virtual machines (e.g., VMs 110-114 as described in detailbelow) and the underlying physical resource components (e.g., one ormore of hardware resources 122 as described in detail below) that areutilized to support the enterprise application 160 hosted on CI 100. Inaddition to providing information that enables DPPM module 140 to keeptrack of the resource components that are subject to the data protectionpolicy 198, metadata 195 also maintains a record of the location of thephysical resource components (e.g., storage components) that storebackup file data (e.g., backup file data 172) associated with the hostedenterprise application. For example, metadata 195 may include recordsindicating the file retention window or period (e.g., 30 retentionperiod) for backup file data 172 and/or the established backup frequency(e.g., conduct backup procedure every 12 hours). If enterpriseapplication 160 resides on the same computing system for the duration ofthe file retention window established by data protection policy 198,then backup file data 172 will contain all of the backup file data forapplication 160.

In the event an enterprise application is transferred to a destinationcomputing system, such as CI 100, repository 190 can be provisioned withmetadata information linked with said enterprise application from asecond repository (e.g., from a sending host CI system). For example,metadata information can be obtained or copied from a second repositoryover network 175, using secure copy (SCP) protocol, file transferprotocol (FTP), secure file transfer protocol (SFTP), hypertext transferprotocol (HTTP), or any like protocol. In some embodiments, CI 100 andthe second CI system can be located at a common site and can becommunicatively connected by a wired or wireless connection. In such aconfiguration, repository 190 can be provisioned with data protectionpolicy metadata information from the second CI system via the wired orwireless connection. It is understood that the provisioning ofrepository 190 with data protection policy metadata information usingthe exemplary methods described above can be conducted via any automatedor automatic manner. In addition, data protection policy metadatainformation copied from a second repository and installed intorepository 190 can utilize any form of transportable mediums, such as acompact disc (CD), flash memory, a universal serial bus (USB) device,and the like.

In some embodiments, enterprise applications 160 may be supported byseveral resources existing in both a virtualized infrastructure 108 anda physical infrastructure 118 of CI 100. For example, virtualizedinfrastructure 108 can comprise a virtualization environment configuredto simulate components of a computing device, such as a processor,system memory, and a storage device, for executing one or more virtualmachines (VMs), such as VM 110, VM 112, and VM 114. Each of VM 110, VM112, and VM 114 can be configured to perform various functions and/orservices, such as web server functions or cloud application services,and can interact with various nodes, components, and/or users. Notably,each of VMs 110-114 may be configured to support an enterpriseapplication 160. Although FIG. 1 illustrates that each of each of VMs110-114 supports at least a portion of an enterprise application 160(e.g., an on-line banking application, a securities trading platformapplication, etc.), a single VM may be configured to host application160 in its entirety without departing from the scope of the disclosedsubject matter.

In some embodiments, virtualized infrastructure 108 can be associatedwith one or more virtual entities. Each virtual entity can be supportedby one or more resource components. In some embodiments, virtualizationmanager 116 can allow logical entities to be created, deleted, ormodified using an API and/or a GUI. Virtualization manager 116 canconstitute any suitable entity (e.g., software executing in a virtualmachine) for managing aspects associated with virtualized infrastructure108. In some embodiments, virtualization manager 116 can be configuredfor providing data management via one or more communications interfaces.For example, virtualization manager 116 can communicate with one or morethird-party management tools using APIs. In addition, virtualizationmanager 116 may be communicatively connected to central manager 102 viaa system bus connection. Notably, virtualization manager 116 may receivedata protection policy related information, inquiries, and instructionsfrom DPPM module 140 via central manager 102.

Physical infrastructure 118 can comprise hardware resources 122, such asnetwork components 124-126, compute components 128-130, and storagecomponents 132-134. Hardware resources 122 can be communicativelyconnected to various other resource components in CI 100 and otherentities. Hardware resources 122 can be configured for use by one ormore virtual entities in virtualized infrastructure 108. In someembodiments, network components 124-126 (e.g., network switches) can beconfigured to enable communication between the resource components in CI100.

Hardware resource manager 120 can be any suitable entity (e.g., softwareexecuting in a virtual machine) for managing aspects associated withphysical infrastructure 118. In some embodiments, hardware resourcemanager 120 can be configured to provision hardware resources 122 viaone or more communications interfaces. For example, hardware resourcemanager 120 can provision hardware resources 122 for implementing one ormore virtual entities (e.g., VMs 110-114) in virtualized infrastructure108. In some embodiments, hardware resource manager 120 can comprise anymanagement component or entity, such as a unified infrastructure manager(UIM) or a unified computing system (UCS) director entity, which isconfigured to provision the physical hardware of CI 100.

As indicated above, DPPM module 140 may be configured to manage a dataprotection policy for an enterprise application. As shown in FIG. 1 ,enterprise application 160 is being supported by the resource componentsof CI 100. Further, data protection policy metadata 195 contained inrepository 190 includes a data protection policy 198 that specifies ageneral data protection solution that is applied to enterpriseapplication 160. Notably, data protection policy 198 is created anddesignated at the application level. However, data protection policy 198may also set forth the specific data protection policy measures to beapplied to the different resource components supporting hostedenterprise application 160. More specifically, data protection policy198 includes specified data protection policy implementation measures,methods, and/or solutions that are applied to each of the underlyingresource components supporting the enterprise application 160. Ingeneral, an exemplary data protection policy applied to an enterpriseapplication may try to achieve a recovery point objective utilizing ahigh level description. For example, a particular data protection policyat the application level may generally indicate i) a permissible amountof downtime for an enterprise application and ii) a threshold valueindicating a permissible amount of data that can be lost. However, asset forth above, data protection policy 198 may define differentimplementation mechanisms that uniquely pertain to each resourcecomponent (or resource component type). For example, the data protectionpolicy implementation mechanism may define a specific frequency forbacking up application file data and/or define a specific file retentionwindow. In one exemplary embodiment, a data protection policyimplementation may indicate that a storage component 134 in CI 100 isresponsible for backing up file data associated with enterpriseapplication 160 every 12 hours. The data protection policyimplementation may further indicate that the backup file data isretained for a predefined number of file retention iterations and/or apredefined number of days. Notably, in some embodiments, a singleapplication may include multiple data protection policies. For example,a single enterprise application may utilize one or more of: i) a basicbackup, ii) a backup replication to a second site (e.g., in the event aprimary site is destroyed or disabled, iii) synchronous replication ofdata to a local and/or remote computing systems, iv) asynchronousreplication of data to local and/or remote computing systems, v)compliance copies that are protected and/or stored in accordance tolegal requirements, vi) litigation hold copies, vii) auto shred uponexpiration, viii) high availability (e.g., zero downtime), and the like.

In some embodiments, metadata 195 may also establish a link between adata protection policy, a supported enterprise application, and thatapplication's underlying resource components via the recordation and useof a unique identifier (ID). More specifically, one or more virtual andphysical resource components in CI 100 may be identified and/or taggedusing a unique ID (e.g., an alphanumeric identifier) that is alsocommonly shared with the supported enterprise application. That is, theunique identifier can serve as a logical nexus between application 160and the supporting resource components (e.g., VMs 110-114 and components128-134) designated by data protection policy 198. Namely, the uniqueidentifier is attached to (or included within) data protection policy198, thereby logically tying data protection policy 198 to thecomponents supporting enterprise application 160. Such a logical linkenables a system administrator to manage and/or change in the manner inwhich data protection policy 198 is applied to the supporting resourcecomponents.

In some embodiments, DPPM module 140 may utilize the unique identifierstored in metadata 195 to facilitate the transfer of an enterpriseapplication (e.g., enterprise application 160) and its correspondingmetadata (e.g., metadata 195) from CI 100 to another target destination.For example, DPPM module 140 may detect (e.g., via notification fromcentral manager 102) that hosted enterprise application 160 has beendesignated to be transferred from CI 100 to another computing system(e.g., a target or destination CI). In such a scenario, DPPM module 140may be configured to query repository 190 to access the data protectionpolicy metadata 195 corresponding to enterprise application 160. Uponlocating metadata 195, DPPM module 140 may be configured to transfer,from CI 100, application file data 170 (which is utilized to implementthe VMs 110-114 serving as hosts for application 160) and metadata 195to a target destination CI. Notably, the unique identifier may beutilized by DPPM module 140 to establish a link between metadata 195 andapplication file data 170 prior to the transfer of said data to thetarget destination. In some embodiments, transferred metadata 195 notonly includes data protection policy 198 but also location information(e.g., IP address(es)) corresponding to the component(s) responsible forstoring backup data files 172 (which are backup data of application filedata 170). In some embodiments, application file data 170 and metadata195 may be transferred in a separate manner by DPPM module 140 viaindependent methods and/or processes.

In the event application file data 170 (i.e., file data for enterpriseapplication 160) is transferred to a second CI system functioning as thedestination or target server, said second CI system may utilize its ownDPPM module to conduct an assessment to determine if sufficientresources are available to support the received data protection policy.The DPPM module may compare the requirements included in the receiveddata protection policy with the available resources contained in thetarget server. Using CI 100 as an example of a target CI system,resident DPPM module 140 may query virtualization manager 116 andhardware resource manager 120 in order to assess the availability andtype of resources are present on CI 100 and whether the requirements ofdata protection policy 198 can be satisfied. For example, DPPM module140 may be configured to communicate with the virtualized infrastructure108 and physical infrastructure 118 in CI 100 via virtualization manager116 to obtain assessment data regarding the virtual resources in CI 100and hardware resource manager 120 to obtain assessment data regardingthe physical resources in CI 100. In the event enterprise application160 is transferred to a target CI, DPPM module 140 may utilize theunique ID included in application 160 to query repository 190 in orderto access data protection policy metadata 195. Notably, metadata 195 maybe accessed to determine the type of data protection associated withtransferred application 160 and query virtualized infrastructure 108 andphysical infrastructure 118 to determine if the CI system includessufficient network resources as required by data protection policy 198.In the event the DPPM module 140 determines that CI 100 has sufficientresources to implement data protection policy 198, DPPM module 140utilizes the transferred metadata to reconstruct the data protectionpolicy measures on the target CI's resource components. In someembodiments, DPPM module 140 may reconstruct the data protection policymeasures by designating resource components in CI 100 to support thetransferred application and configuring said designated resources tocomply with the specified data protection policy measures/solutions. Inone embodiment, an enterprise application that is transferred maycomprise a basic data protection policy that involves a single backuponce per day with a backup retention period for 30 days. Notably, therespective backup computing systems at the original data center facilitysite and the new data center facility site has a “backup to disk” system(e.g., Avamar backup system). In the event the enterprise application istransferred to the new data center facility site, DPPM module 140 (inthe computing system at the new site) may be configured to reconstructthe data protection policy via an application programming interface(API). For example, any backup procedure in which a backup systemadministrator or user can perform utilizing a user interface (e.g., aGUI or CLI) or code scripts, DPPM module 140 may be configured toexecute via the API.

After enterprise application 160 is fully supported by CI 100,situations or conditions may arise where application 160 needs to berestored in part or in its entirety. In the event a restore or recoveryprocedure for a transferred enterprise application (e.g., supposeapplication 160 was transferred to CI 100) is initiated, DPPM module 140may be configured to access metadata 195 to determine the associateddata protection policy (e.g., data protection policy 198) for theenterprise application being restored (e.g., application 160). Notably,DPPM module 140 utilizes metadata 195 to determine the file retentionperiods established by data protection policy 198 and the networklocation (e.g., IP address) of the physical resource components storingthe backup file data corresponding to the application data files 170that support enterprise application 160. If DPPM module 140 determinesthat the restore procedure is being performed at a point in time inwhich the file retention period is exceeded by the amount of time theapplication has been supported by the host computing system, thenmetadata 195 will indicate that the backup file data (e.g., backup filedata 172) is located entirely on CI 100 (e.g., the current hostcomputing system). Otherwise, metadata 195 may indicate that the backupfile data is stored in a distributive manner across a plurality ofcomputing systems, such as the current CI system and the original hostCI system. Notably, backup file data is typically not transferred withthe application data so the location information contained in metadata195 is critical to conducting a proper restoration of application 160.In some embodiments, DPPM module 140 may review the formerly transferredmetadata 195 (now on CI 100) to determine the location of the“distributed” backup data. For example, DPPM module 140 may use a uniqueidentifier to acquire IP addresses of storage components on the originalhost CI and issue request for the relevant backup file data. For anyportion of the backup filed data that resides locally on CI 100 (asindicated by the file retention period), DPPM module 140 may instruct(via central manager 102 and/or hardware resource manager 120) to assignlocal hardware components to conduct the restoration.

In some embodiments, central manager 102 can include or utilize one ormore communications interfaces, e.g., a GUI, a CLI, an API, or otherinterface, for receiving metadata query related information with aclient entity 165. For example, client entity 165 (e.g., a user) canrequest, using a representation state transfer (REST) API relatedmessage, information about a particular CI or resource componentassociated with the support of an enterprise application. For example,client entity 165 can represent any entity (e.g., software executing ona processor, a web-based interface, etc.) for allowing a user (e.g., ahuman operator or an automated system) to interact with CI 100, resourcecomponents therein, and/or other entities. In some embodiments, cliententity 165 can communicate directly with CI 100 with or without usingcommunications network 175 (e.g., the Internet). In some embodiments,client entity 165 may be used to request audit information correspondingto metadata 195 or data protection policy 198. Likewise, client entity165 may be utilized to change or modify aspects, features, ordefinitions associated with data protection policy 198.

In some embodiments, various entities depicted in FIG. 1 can beincorporated or implemented using one or more other entities depicted inFIG. 1 . For example, DPPM module 140 can be incorporated in computecomponent 124, compute component 126, and/or a specialized device orcompute component (e.g., an application management pod (AMP)). Inanother example, DPPM module 140 can be implemented using or located inan AMP and/or another device in physical infrastructure 118. In yetanother example, virtualization software and/or virtualized componentscan be implemented using an AMP and/or another compute device (e.g., ablade appliance designated for some system management software). In someembodiments, each of the aforementioned compute components can compriseany type of hardware processor unit capable of executing computerexecutable instructions and/or software modules.

As indicated above, the subject matter disclosed herein can beimplemented in software in combination with hardware and/or firmware.For example, subject matter described herein can be implemented insoftware executed by a processor. In some exemplary implementations, thesubject matter described herein can be implemented using a computerreadable medium having stored thereon computer executable instructions,which when executed by a processor of a computer, cause the computer toperform steps. Exemplary computer readable mediums suitable forimplementing the subject matter described herein include non-transitorydevices, such as disk memory devices, chip memory devices, programmablelogic devices, and application specific integrated circuits. Inaddition, a computer readable medium that implements the subject matterdescribed herein can be located on a single device or computing platformor can be distributed across multiple devices or computing platforms.For example, a DPPM module 140 or repository 106 (e.g., a system libraryor data therein) can be located at a single computing system or can bedistributed across one or more devices, platforms, and/or systems. Asused in the disclosed subject matter, the terms “function” or “module”refer to hardware, firmware, or software in combination with hardwareand/or firmware for implementing features described herein.

It will be appreciated that FIG. 1 is for illustrative purposes and thatvarious components, their locations, and/or their functions as describedabove in relation to FIG. 1 can be changed, altered, added, or removed.For example, DPPM module 140 can comprise multiple, interacting softwaremodules. Further, aspects of the disclosed subject matter can beimplemented and/or located on any computing system or componentstherein.

FIG. 2 illustrates a flow chart of an exemplary method 200 forimplementing a data protection policy for a transferred enterpriseapplication in accordance with embodiments of the subject matterdescribed herein. The description below with respect to method 200further includes reference to FIG. 3 as an example of an enterpriseapplication transfer between two CI systems. Although the followingdisclosure describes the implementation of a data protection policy on aCI system, the present subject matter can be applied to any computingsystem without departing from the scope.

At step 202, an enterprise application is selected for transfer. In someembodiments, a system administrator designates an enterprise application(e.g., an on-line banking application), which is currently beingsupported by one or more computing systems, to be transferred to one ormore target computing systems. Referencing FIG. 3 for example, a host CI302 may include a user interface (not shown) in which a systemadministrator may select or designate an enterprise application 322 fortransfer from host CI 302 to target CI 402. Similar to the CI depictedin FIG. 1 , host CI 302 in FIG. 3 comprises a central manager 304, arepository 306, a virtual infrastructure environment 312, and a physicalinfrastructure environment 314. Each of these elements is identical totheir counterparts described above in regard to FIG. 1 . In addition,central manager 304 may include a DPPM module 308, repository 306 mayinclude metadata 320 and data protection policy 310. Lastly, virtualenvironment 312 includes supported application 322 and physicalenvironment 314 includes application file data 324 and backup file data326. Likewise, target CI 402 in FIG. 3 has similar elements andcomponents as host CI 302.

At step 204, metadata specifying both a data protection policy appliedto an enterprise application supported by a host computing system and alocation of backup file data associated with the enterprise applicationis captured. In some embodiments, the type of data protection applied tothe enterprise application is identified. For example, the current hostcomputing system may be configured to locate a data protection policythat is utilized by the enterprise application. Returning to FIG. 3 , acentral manager 304 (e.g., VCE Vision) on host CI 300 may utilize a dataprotection policy management (DPPM) module 308 to query a localrepository 306 in order to access metadata 320. In some embodiments,DPPM module 308 utilizes a unique identifier associated with theselected application to access the appropriate metadata 320. Metadata320 may include a data protection policy 310 that is employed andapplied to enterprise application 322 at an application level.Specifically, data protection policy 310 may comprise data thatidentifies the different data protection measures or solutions appliedto each resource component that is utilized by host CI 302 to supportenterprise application 322. For example, the data protection measureutilized by a compute component supporting application 322 may differ inscope from the data protection measure utilized by a storage componentsupporting application 322.

Similarly, the aforementioned capturing of metadata (i.e., step 204) mayinclude the determination of the location of the data protection backup.In some embodiments, the accessed metadata (e.g., metadata 320) may alsocontain address information (e.g., IP address information correspondingto a storage component in physical environment 314) corresponding to thelocation(s) of backup and/or replication data files 326 associated withenterprise application 322. Notably, the metadata 320 may also include arecord of file retention period information associated with each datafile backup location.

At step 206, the enterprise application and associated metadata aretransferred. As indicated above, the enterprise application andassociated metadata may be logically linked via the unique identifier.For example, metadata 320 and application file data 324 may betransferred from the host CI 302 to target CI 402 via transfercommunication 301. Specifically, application file data 324, whichcomprises the underlying file data for executing application 322, istransferred from physical environment 314 (e.g., one or more storagecomponents on host CI 302) to physical environment 414 on target CI 402.Notably, as a result of application file data 324 being transferred tophysical environment 414, target CI 402 is able to implement thetransferred enterprise application 322 on virtual machines executedwithin its own VM environment 412. This virtual machine implementationeffectively facilitates the transfer of application 322 from host CI 302to target CI 402. Although FIG. 3 depicts the transfer of metadata andapplication data to a single destination CI system (e.g., target CI402), metadata 320, application file data 324, and application 322 maybe distributed across a plurality of target CI systems without departingfrom the scope of the disclosed subject matter. In such a scenario, onecentral manager (e.g., central manager 404) may be designated as aprimary central manager responsible for coordinating the data protectionmanagement of application 322 among the remaining plurality of centralmanagers on the target CI systems.

At step 208, an assessment may be optionally conducted to determine ifsufficient resources to support the backup policies on the targetcomputing system are available. In some embodiments, a central manager404 on target CI 402 may be configured to utilize a local DPPM module408 to query a hardware manager in physical environment 414 to determinethe status of the resident physical resource components, which will beutilized to support the transferred enterprise application 322. Suchcomponent status information may include the number, the health (e.g.,operational status), and the availability of the compute components,storage components, and networking components included in physicalenvironment 414. After acquiring the component status information,central manager 404 may compare the component status information to thedata protection policy requirements set forth in the received metadata320.

In some embodiments, suppose an enterprise application is associatedwith a data protection policy comprising i) a daily backup, ii) aretention period of 30 days, and iii) configured to replicateapplication data synchronously. In accordance to such a data protectionpolicy, DPPM module 140 may determine that the enterprise applicationrequires 2 TB of backup capacity, 2 TB of offsite backup replicationcapacity, and 40 MB of application data synchronous replicationcapacity. In one scenario, DPPM module 140 (on the target computingsystem) may be configured to query the resource components of the targetcomputing system and determine that the components are currently belowthe 70% capacity threshold value (e.g., a selectable threshold). DPPMmodule 140 may further determine that there is 2 TB of backup capacity,2 TB of offsite backup replication capacity, and 40 MB of applicationdata synchronous replication capacity available. In response to such adetermination, DPPM module 140 may be configured to apply the dataprotection policy via API calls. If DPPM module 140 ascertains thatthere is inadequate capacity, then an alert signal or message indicatingthe specific policy that could not be satisfied would be sent/activated.Similarly, in some embodiments, the determination for sufficientperformance capabilities of the resource components of a computingsystem may be conducted by DPPM module 140. For example, DPPM module 140may be configured to analyze the system rated metrics in addition toprior workload metrics.

At step 210, the received metadata may be utilized to reconstruct thedata protection policy on the target computing system. In someembodiments, central manager 404 utilizes DPPM module 408 to analyzedata protection policy 310 included in the previously received metadata320. As indicated above, a data protection policy includes the specificdata protection policy measures and/or solutions applied to each type ofresource component that is utilized to support the backup data of thetransferred enterprise application 322. Accordingly, DPPM module 408applies a respective data protection policy measure (as indicated indata protection policy 310) to each of the resource components inphysical environment 414 that are designated to support the backupsolution to the transferred application 322.

At step 212, a restore or recovery procedure may be conducted (i.e., anoptional step). In some embodiments, in the event an application restoreprocedure is needed, central manager 404 queries metadata 320 inrepository 406 to determine the location of the backup file data for(previously transferred) enterprise application 322. As described above,metadata 320 may include a record of the location(s) (e.g., IPaddresses) of backup and/or replication data for enterprise application322. Depending on the file retention period associated with application322, the backup file data may be distributed over a plurality ofcomputing systems or CIs (e.g., both backup data 326 on original host CI302 and backup data 426 on CI 402). For example, if i) data protectionpolicy 310 (in repository 406) of application 322 specifies a fileretention period of 30 days and ii) application 322 was transferred totarget CI 402 (i.e., the “new host” CI) within the past 30 days, thenall or part of the necessary backup file data to conduct a restorationmay reside on two or more CI locations (e.g., both former host CI 302and CI 402). As such, metadata 320 in repository 406 may be configuredto contain and organize such distributed backup file data information.

As an example, consider the scenario where the data protection policyassociated with transferred application 322 specifies that the fileretention period is 30 days. In the event application 322 was lastbacked up on January 1^(st) on host CI 302, the transfer of application322 to target CI 402 was conducted on the January 5^(th), and arestoration procedure of enterprise application 322 is requested onJanuary 10^(th), then all or a portion of the backup file dataassociated with transferred application 322 would be distributed on bothhost CI 302 (e.g., backup file data 326 for January 1^(st)-5^(th)) andCI 402 (e.g., local backup file data 426 for January 5^(th)-10^(th)).Using this backup file data location information contained in metadata320, central manager 404 may communicate with central manager 304 inorder to facilitate the transfer (and/or access) of all or a portion ofbackup file data 326 (i.e., portion of January 1^(st)-5^(th)) from CI302 to CI 402. Once the backup file data (e.g., backup file data 326) isprovisioned on CI 402, DPPM module 408 may conduct the applicationrestoration process (i.e., using transferred backup file data 326 andbackup file data 426)

It should be noted that a computing system executing DPPM module 140and/or functionality described herein can constitute a special purposecomputing system. Further, DPPM module 140 and/or functionalitydescribed herein can improve the technological field of computing systemrestoration and recovery processes via the dynamic management of backupfile data pertaining to one or more computing systems, CI systems,and/or resource components therein.

While the systems and methods have been described herein in reference tospecific aspects, features, and illustrative embodiments, it will beappreciated that the utility of the subject matter is not thus limited,but rather extends to and encompasses numerous other variations,modifications and alternative embodiments, as will suggest themselves tothose of ordinary skill in the field of the present subject matter,based on the disclosure herein. Various combinations andsub-combinations of the structures and features described herein arecontemplated and will be apparent to a skilled person having knowledgeof this disclosure. Any of the various features and elements asdisclosed herein can be combined with one or more other disclosedfeatures and elements unless indicated to the contrary herein.Correspondingly, the subject matter as hereinafter claimed is intendedto be broadly construed and interpreted, as including all suchvariations, modifications and alternative embodiments, within its scopeand including equivalents of the claims.

What is claimed is:
 1. A method for implementing a data protectionpolicy for a transferred enterprise application, the method comprising:capturing metadata specifying both a data protection policy applied toan enterprise application supported by a host computing system and alocation of backup file data associated with the enterprise application;transferring the enterprise application and the metadata from the hostcomputing system to a target computing system; and utilizing themetadata to reconstruct the data protection policy for the transferredenterprise application on the target computing system, wherein themetadata specifies a data protection solution for each of a plurality ofhardware components supporting the transferred enterprise application onthe target computing system, wherein the target computing systemincludes a data protection policy management module that is configuredto assess whether the plurality of hardware components on the targetcomputing system is able to implement the data protection policy bycomparing requirements included in the data protection policy withavailable physical resources in the target computing system, and whereinthe data protection policy management module is configured toreconstruct the data protection policy by designating the availablephysical resources in the target computing system to support thetransferred enterprise application and to comply with the dataprotection policy.
 2. The method of claim 1 wherein each of the hostcomputing system and the target computing system is a convergedinfrastructure (CI) system.
 3. The method of claim 1 comprisingutilizing the transferred metadata to restore at least a portion of thetransferred enterprise application on the target computing system. 4.The method of claim 1 wherein the data protection policy comprises, foreach of the plurality of hardware components, a data protection solutionthat comprises at least one of a periodic backup, a synchronous datareplication process, an asynchronous data replication process, or abusiness continuity measure.
 5. The method of claim 1 wherein the dataprotection solutions for each of the plurality of hardware components isrecorded in the metadata.
 6. The method of claim 5 wherein the dataprotection solution for each of the plurality of hardware componentsmaintains the location of backup file data in accordance with a backupfile retention period.
 7. A system for logically remediatinginfrastructure resource components, the system comprising: at least oneprocessor; memory; and a data protection policy management (DPPM) moduleutilizing the at least one processor and memory, wherein the DPPM moduleis configured to: capture metadata specifying both a data protectionpolicy applied to an enterprise application supported by a hostcomputing system and a location of backup file data associated with theenterprise application; transfer the enterprise application and themetadata from the host computing system to a target computing system;and utilize the metadata to reconstruct the data protection policy forthe transferred enterprise application on the target computing system,wherein the metadata specifies a data protection solution for each of aplurality of hardware components supporting the transferred enterpriseapplication on the target computing system, wherein the target computingsystem includes a data protection policy management module that isconfigured to assess whether the plurality of hardware components on thetarget computing system is able to implement the data protection policyby comparing requirements included in the data protection policy withavailable physical resources in the target computing system, and whereinthe data protection policy management module is configured toreconstruct the data protection policy by designating the availablephysical resources in the target computing system to support thetransferred enterprise application and to comply with the dataprotection policy.
 8. The system of claim 7 wherein each of the hostcomputing system and the target computing system is a convergedinfrastructure (CI) system.
 9. The system of claim 7 wherein the DPPMmodule is further configured to utilize the transferred metadata torestore at least a portion of the transferred enterprise application onthe target computer system.
 10. The system of claim 7 wherein the dataprotection policy comprises, for each of the plurality of hardwarecomponents, a data protection solution that comprises at least one of aperiodic backup, a synchronous data replication process, an asynchronousdata replication process, or a business continuity measure.
 11. Thesystem of claim 7 wherein the data protection solutions for each of theplurality of hardware components is recorded in the metadata.
 12. Thesystem of claim 11 wherein the data protection solution for each of theplurality of hardware components maintains the location of backup filedata in accordance with a backup file retention period.
 13. Anon-transitory computer readable medium having stored thereon executableinstructions which, when executed by a processor of a computer, causethe computer to perform steps comprising: capturing metadata specifyingboth a data protection policy applied to an enterprise applicationsupported by a host computing system and a location of backup file dataassociated with the enterprise application; transferring the enterpriseapplication and the metadata from the host computing system to a targetcomputing system; and utilizing the metadata to reconstruct the dataprotection policy for the transferred enterprise application on thetarget computing system, wherein the metadata specifies a dataprotection solution for each of a plurality of hardware componentssupporting the transferred enterprise application on the targetcomputing system, wherein the target computing system includes a dataprotection policy management module that is configured to assess whetherthe plurality of hardware components on the target computing system isable to implement the data protection policy by comparing requirementsincluded in the data protection policy with available physical resourcesin the target computing system, and wherein the data protection policymanagement module is configured to reconstruct the data protectionpolicy by designating the available physical resources in the targetcomputing system to support the transferred enterprise application andto comply with the data protection policy.
 14. The computer readablemedium of claim 13 wherein each of the host computing system and thetarget computing system is a converged infrastructure (CI) system. 15.The computer readable medium of claim 13 comprising utilizing thetransferred metadata to restore at least a portion of the transferredenterprise application on the target computing system.
 16. The computerreadable medium of claim 13 wherein the data protection policycomprises, for each of the plurality of hardware components, a dataprotection solution that comprises at least one of a periodic backup, asynchronous data replication process, an asynchronous data replicationprocess, or a business continuity measure.
 17. The computer readablemedium of claim 13 wherein the data protection solutions for each of theplurality of hardware components is recorded in the metadata.